
Slow PC



My PC also starts up slowly, and when I want to go back using the arrows, I often have to click several times.

I also get annoying ads when I surf. I visited a few Chinese sites, which could be the cause.

Can you help me?


Your topic was moved to Malware & Virus Removal, so you will be helped faster.

Can you carry out the steps below and post the requested log?

Download RSIT from the locations below and save it to the desktop.

Here is a description of how to check whether you have a 32-bit or 64-bit version of Windows.

Double-click RSIT.exe to start the tool.

  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • The "Disclaimer of warranty" is then shown; click "Continue".
  • When the tool has finished, two Notepad files named "Log.txt" and "Info.txt" are opened.

Posting the RSIT log files

  • Add the log file named "Log.txt" as an attachment to your next post. (You can also find this log file in the folder "C:\rsit".)
  • You do not need to post the log file named "Info.txt", which is minimized. (This log file is only created the first time the tool is run.)
  • You can read here how to add an attachment to a post.

Also watch the instruction video.


Logfile of random's system information tool 1.10 (written by random/random)

Run by HP at 2014-07-06 20:19:27

Microsoft Windows 7 Home Premium Service Pack 1

System drive C: has 112 GB (74%) free of 153 GB

Total RAM: 1015 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 20:19:53, on 6-7-2014

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v11.0 (11.00.9600.17126)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\PixArt\Pac207\Monitor.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Garmin\Express Tray\ExpressTray.exe

C:\Users\HP\AppData\Roaming\SkypEmoticons\SE.exe

C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_125.exe

C:\Users\HP\Downloads\RSIT.exe

C:\Program Files\trend micro\HP.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Gadgetbox Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Gadgetbox Search

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O2 - BHO: save on - {F89494BF-C177-BEBD-1F2F-2702704E3625} - C:\Program Files\save on\tTsssnT.dll

O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"

O4 - HKCU\..\Run: [se] "C:\Users\HP\AppData\Roaming\SkypEmoticons\SE.exe" /minimized

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\ExpressTray.exe" (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\ExpressTray.exe" (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')

O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Program Files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O20 - AppInit_DLLs: C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll c:\progra~1\so_boo~1\assist~1.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Search Protect Service (CltMngSvc) - Client Connect LTD - C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe

O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--

End of file - 6706 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

C:\Windows\tasks\SO_Booster-S-5194249478.job - c:\programdata\teddy app\so_booster\SO_Booster.exe /schedule /profile "c:\programdata\teddy app\so_booster\5194249478.ini"

=========Mozilla firefox=========

ProfilePath - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\9anhn392.default

prefs.js - "browser.search.useDBForOrder" - "false"

prefs.js - "browser.startup.homepage" - "www.google.be"

prefs.js - "keyword.URL" - "http://websearch.fastsearchings.info/?pid=377&r=2014/07/04&hid=15782698513346681117&lg=EN&cc=BE&unqvl=56&l=1&q="

"belgiumeid@eid.belgium.be"=C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]

"Description"=Adobe® Flash® Player 14.0.0.125 Plugin

"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]

"Description"=Google Earth in your browser

"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]

"Description"=Picasa3 plugin

"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.25.2]

"Description"=Java™ Deployment Toolkit

"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2]

"Description"=Oracle® Next Generation Java™ Plug-In

"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]

"Description"=

"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"=Ag Player Plugin

"Path"=c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]

"Description"=Google Update

"Path"=C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]

"Description"=Google Update

"Path"=C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.2]

"Description"=VLC Multimedia Plugin

"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.1.3]

"Description"=VLC Multimedia Plugin

"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]

"Description"=Handles PDFs in-place in Firefox

"Path"=C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\

belgiumeid@eid.belgium.be

C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\9anhn392.default\extensions\

donottrackplus@abine.com

icr-eia@iouyoquki.com

uaoi.7iiee@uiuaiuiz.org

ufadrzow@o-uueslg.net

C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\9anhn392.default\searchplugins\

WebSearch.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]

MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll [2014-04-09 96128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

Java Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-06-25 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]

Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-03-21 4502400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-06-25 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F89494BF-C177-BEBD-1F2F-2702704E3625}]

save on - C:\Program Files\save on\tTsssnT.dll [2014-07-04 423936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Monitor"=C:\Windows\PixArt\PAC207\Monitor.exe [2006-11-03 319488]

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]

"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2014-03-11 951576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"GarminExpressTrayApp"=C:\Program Files\Garmin\Express Tray\ExpressTray.exe [2014-06-09 122200]

"se"=C:\Users\HP\AppData\Roaming\SkypEmoticons\SE.exe [2014-07-04 5679008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21 959904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GarminExpressTrayApp]

C:\Program Files\Garmin\Express Tray\ExpressTray.exe [2014-06-09 122200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

C:\Program Files\Skype\Phone\Skype.exe [2014-05-08 21444224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll c:\progra~1\so_boo~1\assist~1.dll"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37CrusaderBoot]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"ConsentPromptBehaviorAdmin"=5

"ConsentPromptBehaviorUser"=3

"EnableLUA"=0

"EnableUIADesktopToggle"=0

"EnableVirtualization"=0

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]

"vidc.mrle"=msrle32.dll

"vidc.msvc"=msvidc32.dll

"msacm.imaadpcm"=imaadp32.acm

"msacm.msg711"=msg711.acm

"msacm.msgsm610"=msgsm32.acm

"msacm.msadpcm"=msadp32.acm

"midimapper"=midimap.dll

"wavemapper"=msacm32.drv

"VIDC.UYVY"=msyuv.dll

"VIDC.YUY2"=msyuv.dll

"VIDC.YVYU"=msyuv.dll

"VIDC.IYUV"=iyuv_32.dll

"VIDC.I420"=lvcodec2.dll

"VIDC.YVU9"=tsbyuv.dll

"msacm.l3acm"=C:\Windows\System32\l3codeca.acm

"vidc.cvid"=iccvid.dll

"wave"=wdmaud.drv

"midi"=wdmaud.drv

"mixer"=wdmaud.drv

"wave1"=wdmaud.drv

"midi1"=wdmaud.drv

"mixer1"=wdmaud.drv

"aux"=wdmaud.drv

"MSVideo8"=VfWWDM32.dll

"wave2"=wdmaud.drv

"midi2"=wdmaud.drv

"mixer2"=wdmaud.drv

"aux1"=wdmaud.drv

"wave3"=wdmaud.drv

"midi3"=wdmaud.drv

"mixer3"=wdmaud.drv

"aux2"=wdmaud.drv

"MSVideo"=vfwwdm32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-07-06 20:19:27 ----D---- C:\rsit

2014-07-06 19:57:03 ----D---- C:\Program Files\Speccy

2014-07-04 18:41:16 ----A---- C:\Users\HP\AppData\Roaming\LiveSupport.exe_log.txt

2014-07-04 18:41:15 ----A---- C:\Users\HP\AppData\Roaming\regsvr32.exe_log.txt

2014-07-04 18:39:19 ----D---- C:\Users\HP\AppData\Roaming\SkypEmoticons

2014-07-04 18:39:00 ----D---- C:\Program Files\Optimizer Pro

2014-07-04 18:38:14 ----D---- C:\ProgramData\MySearch

2014-07-04 18:38:12 ----D---- C:\Program Files\MySearch

2014-07-04 18:36:28 ----D---- C:\Program Files\SearchProtect

2014-07-04 18:34:51 ----D---- C:\ProgramData\Teddy App

2014-07-04 18:34:37 ----D---- C:\Program Files\SO_Booster

2014-07-04 18:33:43 ----D---- C:\ProgramData\Adblocker

2014-07-04 18:33:42 ----D---- C:\Program Files\Adblocker

2014-07-04 18:33:28 ----D---- C:\ProgramData\save on

2014-07-04 18:33:26 ----D---- C:\Program Files\save on

2014-07-04 18:33:16 ----D---- C:\ProgramData\f4136af2338da4c5

2014-07-04 18:32:09 ----D---- C:\ProgramData\InstallMate

2014-06-30 18:12:11 ----D---- C:\Program Files\DogSettings

2014-06-19 06:19:43 ----A---- C:\Users\HP\AppData\Roaming\temp.ini

2014-06-18 09:51:23 ----D---- C:\Program Files\Mozilla Firefox

2014-06-12 06:25:35 ----D---- C:\ProgramData\Package Cache

2014-06-11 18:03:12 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-06-11 18:03:12 ----A---- C:\Windows\system32\ieetwproxystub.dll

2014-06-11 18:03:12 ----A---- C:\Windows\system32\ieetwcollector.exe

2014-06-11 18:03:10 ----A---- C:\Windows\system32\MsSpellCheckingFacility.exe

2014-06-11 18:03:09 ----A---- C:\Windows\system32\urlmon.dll

2014-06-11 18:03:08 ----A---- C:\Windows\system32\jsproxy.dll

2014-06-11 18:03:08 ----A---- C:\Windows\system32\ieUnatt.exe

2014-06-11 18:03:08 ----A---- C:\Windows\system32\iernonce.dll

2014-06-11 18:03:07 ----A---- C:\Windows\system32\msfeeds.dll

2014-06-11 18:03:07 ----A---- C:\Windows\system32\dxtmsft.dll

2014-06-11 18:03:05 ----A---- C:\Windows\system32\msrating.dll

2014-06-11 18:03:04 ----A---- C:\Windows\system32\iesetup.dll

2014-06-11 18:03:04 ----A---- C:\Windows\system32\ie4uinit.exe

2014-06-11 18:03:03 ----A---- C:\Windows\system32\ieetwcollectorres.dll

2014-06-11 18:03:02 ----A---- C:\Windows\system32\wininet.dll

2014-06-11 18:03:02 ----A---- C:\Windows\system32\ieapfltr.dll

2014-06-11 18:03:00 ----A---- C:\Windows\system32\dxtrans.dll

2014-06-11 18:02:59 ----A---- C:\Windows\system32\ieui.dll

2014-06-11 18:02:58 ----A---- C:\Windows\system32\ieframe.dll

2014-06-11 18:02:55 ----A---- C:\Windows\system32\mshtmlmedia.dll

2014-06-11 18:02:55 ----A---- C:\Windows\system32\mshtmled.dll

2014-06-11 18:02:54 ----A---- C:\Windows\system32\iertutil.dll

2014-06-11 18:02:52 ----A---- C:\Windows\system32\jscript9diag.dll

2014-06-11 18:02:50 ----A---- C:\Windows\system32\mshtml.dll

2014-06-11 18:02:49 ----A---- C:\Windows\system32\vbscript.dll

2014-06-11 18:02:48 ----A---- C:\Windows\system32\jscript9.dll

2014-06-11 18:02:28 ----A---- C:\Windows\system32\msxml6.dll

2014-06-11 18:02:27 ----A---- C:\Windows\system32\msxml6r.dll

2014-06-11 18:02:27 ----A---- C:\Windows\system32\msxml3r.dll

2014-06-11 18:02:27 ----A---- C:\Windows\system32\msxml3.dll

2014-06-11 18:02:11 ----A---- C:\Windows\system32\drivers\tcpip.sys

2014-06-11 18:02:11 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS

2014-06-11 18:02:08 ----A---- C:\Windows\system32\aepdu.dll

2014-06-11 18:02:07 ----A---- C:\Windows\system32\aeinv.dll

2014-06-11 18:01:22 ----A---- C:\Windows\system32\usp10.dll

2014-06-11 14:36:54 ----D---- C:\Program Files\McAfee Security Scan

2014-06-11 14:34:13 ----A---- C:\Windows\system32\RdpGroupPolicyExtension.dll

2014-06-11 14:34:13 ----A---- C:\Windows\system32\rdpcorets.dll

2014-06-11 14:32:04 ----D---- C:\ProgramData\McAfee Security Scan

2014-06-07 11:50:13 ----A---- C:\Windows\system32\drivers\mwac.sys

2014-06-07 11:50:13 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys

2014-06-07 11:50:13 ----A---- C:\Windows\system32\drivers\mbam.sys

2014-06-07 11:50:10 ----D---- C:\Program Files\Malwarebytes Anti-Malware

======List of files/folders modified in the last 1 month======

2014-07-06 20:19:39 ----D---- C:\Program Files\trend micro

2014-07-06 20:19:22 ----D---- C:\Windows\Prefetch

2014-07-06 20:01:54 ----D---- C:\Windows\Temp

2014-07-06 19:57:03 ----RD---- C:\Program Files

2014-07-06 15:18:32 ----D---- C:\Windows\system32\config

2014-07-06 12:47:54 ----D---- C:\Windows\inf

2014-07-06 12:46:23 ----D---- C:\Windows

2014-07-05 20:21:33 ----SHD---- C:\System Volume Information

2014-07-04 18:38:14 ----HD---- C:\ProgramData

2014-07-04 18:34:53 ----D---- C:\Windows\Tasks

2014-07-04 18:34:53 ----D---- C:\Windows\system32\Tasks

2014-07-04 18:33:15 ----D---- C:\Program Files\Google

2014-07-04 18:33:10 ----RD---- C:\Users

2014-07-02 19:00:49 ----D---- C:\Users\HP\AppData\Roaming\Skype

2014-06-30 19:27:56 ----D---- C:\Windows\debug

2014-06-30 18:49:20 ----D---- C:\Windows\System32

2014-06-30 18:49:20 ----A---- C:\Windows\system32\PerfStringBackup.INI

2014-06-28 21:24:49 ----D---- C:\Windows\system32\catroot2

2014-06-26 08:03:08 ----SHD---- C:\Windows\Installer

2014-06-26 08:03:08 ----SHD---- C:\Config.Msi

2014-06-18 15:00:16 ----D---- C:\Program Files\Mozilla Maintenance Service

2014-06-12 06:27:18 ----D---- C:\ProgramData\Garmin

2014-06-12 06:26:54 ----D---- C:\Program Files\Garmin

2014-06-11 20:51:00 ----D---- C:\Windows\rescache

2014-06-11 20:14:16 ----D---- C:\Windows\winsxs

2014-06-11 20:10:51 ----D---- C:\Windows\system32\en-US

2014-06-11 20:10:49 ----D---- C:\Program Files\Internet Explorer

2014-06-11 20:10:47 ----SD---- C:\Windows\system32\CompatTel

2014-06-11 20:10:47 ----D---- C:\Windows\system32\drivers

2014-06-11 20:10:43 ----D---- C:\Windows\system32\DriverStore

2014-06-11 16:09:29 ----D---- C:\ProgramData\Microsoft Help

2014-06-11 16:06:40 ----D---- C:\Windows\system32\MRT

2014-06-11 16:03:36 ----A---- C:\Windows\system32\MRT.exe

2014-06-11 14:35:00 ----D---- C:\Windows\system32\catroot

2014-06-11 14:31:28 ----A---- C:\Windows\system32\FlashPlayerApp.exe

2014-06-07 12:22:41 ----D---- C:\Windows\Resources

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSHX;AVGIDSHX; C:\Windows\system32\DRIVERS\avgidshx.sys [2013-11-25 149272]

R0 Avglogx;AVG Logging Driver; C:\Windows\system32\DRIVERS\avglogx.sys [2013-10-31 222520]

R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx86.sys [2013-10-01 102712]

R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx86.sys [2013-09-10 27448]

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2014-01-25 231960]

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]

R1 Avgdiskx;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiskx.sys [2013-11-25 120600]

R1 Avgfwfd;AVG network filter service; C:\Windows\system32\DRIVERS\avgfwd6x.sys [2013-09-26 47928]

R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdriverx.sys [2013-11-25 210712]

R1 AVGIDSShim;AVGIDSShim; C:\Windows\system32\DRIVERS\avgidsshimx.sys [2014-01-19 22808]

R1 Avgldx86;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx86.sys [2013-11-01 176952]

R1 Avgtdix;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdix.sys [2013-08-01 193848]

R1 MpKsl83f7cef1;MpKsl83f7cef1; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F0EA0654-1DD5-4E9E-A5C4-CEB8763DBB2F}\MpKsl83f7cef1.sys [2014-07-06 39464]

R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]

R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 104264]

R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]

R3 E100B;Intel® PRO-adapterstuurprogramma; C:\Windows\system32\DRIVERS\e100b325.sys [2009-07-14 159232]

R3 netr28u;RT2870 USB Extensible Wireless LAN Card Driver; C:\Windows\system32\DRIVERS\netr28u.sys [2012-04-17 1317952]

R3 smwdm;smwdm; C:\Windows\system32\drivers\smwdm.sys [2005-03-28 220992]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]

S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]

S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]

S3 cxbu0wdm;OMNIKEY 1021; C:\Windows\system32\DRIVERS\cxbu0wdm.sys [2013-03-22 126592]

S3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\DRIVERS\LVUSBSta.sys [2005-01-31 22016]

S3 PAC207;SoC PC-Camera; C:\Windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]

S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]

S3 PID_0920;Logitech QuickCam Express(PID_0920); C:\Windows\system32\DRIVERS\LV532AV.SYS [2005-01-31 163328]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 14848]

S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]

S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]

S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]

S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]

S3 WinUSB;Android USB Driver; C:\Windows\system32\DRIVERS\WinUSB.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 3f17c95f;SO_Sustainer; c:\progra~1\so_boo~1\AssistantSvc.dll [2014-07-04 174928]

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-12-21 65432]

R2 c2cautoupdatesvc;Skype Click to Call Updater; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-04-11 1390720]

R2 c2cpnrsvc;Skype Click to Call PNR Service; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-04-11 1764992]

R2 CltMngSvc;Search Protect Service; C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe [2014-06-26 2832704]

R2 Garmin Core Update Service;Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-06-09 435032]

R2 LiveUpdateSvc;LiveUpdate; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2014-02-06 2151744]

R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2014-03-11 22216]

R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2014-03-11 279776]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]

S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2014-04-03 315008]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-11 262320]

S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2014-06-06 136120]

S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\Windows\system32\IEEtwCollector.exe [2014-05-30 108032]

S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-04-09 235696]

S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-06-18 119408]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-04-16 1343400]

S4 aspnet_state;ASP.NET-statusservice; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]

S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]

-----------------EOF-----------------

edited by Asus
unnecessary quote removed

Disable your antivirus and antispyware programs, as they may conflict with zoek.exe; you can read how to do that here and here.

Download Zoek.exe to the desktop (not the .zip or .rar version).

  • If Internet Explorer, another browser or a virus scanner reports that this file is unsafe, you can ignore it; this is a false warning.
  • Double-click Zoek.exe to start the tool.
  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input window:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

  {F89494BF-C177-BEBD-1F2F-2702704E3625};c
  C:\Program Files\save on;fs
  CltMngSvc;s
  C:\Windows\tasks\SO_Booster-S-5194249478.job;f
  c:\programdata\teddy app\so_booster;fs
  C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\9anhn392.default\extensions\uaoi.7iiee@uiuaiuiz.org;fs
  C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\9anhn392.default\extensions\ufadrzow@o-uueslg.net;fs
  C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\9anhn392.default\extensions\icr-eia@iouyoquki.com;fs
  C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\9anhn392.default\searchplugins\WebSearch.xml;f
  [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F89494BF-C177-BEBD-1F2F-2702704E3625}];r
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows];r
  "AppInit_DLLs"=-;r
  C:\Program Files\Optimizer Pro;fs
  C:\ProgramData\MySearch;fs
  C:\Program Files\MySearch;fs
  C:\Program Files\SearchProtect;fs
  C:\ProgramData\Teddy App;fs
  C:\Program Files\SO_Booster;fs
  C:\ProgramData\save on;fs
  C:\ProgramData\f4136af2338da4c5;fs
  C:\ProgramData\InstallMate;fs

  • Click the "More options" button and tick the options below:
      • Do a Quick Scan
      • Auto Clean
  • The "Scan All Users" option is ticked by default.
  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart, if one is needed).
  • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear.
  • Post the opened log as an attachment in your next reply.

Posting the Zoek.exe log file

  • Add the log file named "Zoek-results.log" as an attachment to your next reply. (You can also find this log file on the system drive as C:\Zoek-results.log.)
  • You can read how to add an attachment to a post here.


Zoek.exe v5.0.0.0 Updated 05-July-2014

Tool run by HP on ma 07-07-2014 at 7:21:17.99.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\HP\Downloads\zoek.exe [scan all users] [script inserted] [Checkboxes used]

==== System Restore Info ======================

7-7-2014 7:30:03 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4057013218-24429279-960758687-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F89494BF-C177-BEBD-1F2F-2702704E3625} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{F89494BF-C177-BEBD-1F2F-2702704E3625} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F89494BF-C177-BEBD-1F2F-2702704E3625} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CltMngSvc deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\CltMngSvc deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\9anhn392.default

user.js not found

---- Lines WebSearch removed from prefs.js ----

user_pref("browser.search.defaultenginename,S", "WebSearch");

user_pref("browser.search.defaulturl", "http://websearch.fastsearchings.info/?pid=377&r=2014/07/04&hid=15782698513346681117&lg=EN&cc=BE&unqvl=56&l=1&q

user_pref("browser.search.order.1", "WebSearch");

user_pref("browser.search.order.1,S", "WebSearch");

user_pref("browser.search.selectedEngine,S", "WebSearch");

user_pref("keyword.URL", "http://websearch.fastsearchings.info/?pid=377&r=2014/07/04&hid=15782698513346681117&lg=EN&cc=BE&unqvl=56&l=1&q=");

---- Lines trovi removed from prefs.js ----

user_pref("browser.newtab.url", "http://www.trovi.com/?gd=&ctid=CT3324756&octid=EB_ORIGINAL_CTID&ISID=M9F30BB9F-591B-442D-A773-F8DC17489141&SearchSour

user_pref("browser.search.defaultenginename", "Trovi search");

user_pref("browser.search.selectedEngine", "Trovi search");

---- Lines a39ed7c16185d4f88b976666d4928ba01fe4550c17a4f4a62ad1c45e0afdf81a4com48559 removed from prefs.js ----

---- Lines extensions.Kg1KnH55Cti removed from prefs.js ----

user_pref("extensions.Kg1KnH55Cti.epoch", "1404749322");

user_pref("extensions.Kg1KnH55Cti.url", "http://centergoodfind.info/sync2/?q=hfZ9ofDSBShEAen0rHC6tMqLDe49CNU0nUkMCMlNhd9Fqda6rdnFqTr6rHaMBzqUojw9rdCEq

---- Lines extensions.hXjfFaf removed from prefs.js ----

user_pref("extensions.hXjfFaf.epoch", "1404749323");

user_pref("extensions.hXjfFaf.url", "http://terminalukusaa.us/sync2/?q=hfZ9ofq7B75MCyVUojr6qGhTB6lKDzt4oktxtNtVh7n0rjnEqHa9rjgHrTr6tMFHhd9Fqda6rdgFqTa

---- Lines extensions.i9DLi removed from prefs.js ----

user_pref("extensions.i9DLi.epoch", "1404749321");

user_pref("extensions.i9DLi.url", "http://syncjpi.info/sync2/?q=hfZ9ofV9CShEAen0rHC6tMqLDe49CNU0nUkMCMlNhd9Fqda6rdnFqTrHrdYMBzqUojw9rdCEqTw7rdC8qSh7hf

---- FireFox user.js and prefs.js backups ----

prefs_07-07-2014_0810_.backup

ProfilePath: C:\Users\HP\AppData\Roaming\Thunderbird\Profiles\xlp493qy.default

user.js not found

---- FireFox user.js and prefs.js backups ----

prefs_07-07-2014_0810_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F89494BF-C177-BEBD-1F2F-2702704E3625}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=-

==== Deleting Files \ Folders ======================

C:\Program Files\save on deleted

C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\9anhn392.default\extensions\uaoi.7iiee@uiuaiuiz.org deleted

C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\9anhn392.default\extensions\ufadrzow@o-uueslg.net deleted

C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\9anhn392.default\extensions\icr-eia@iouyoquki.com deleted

C:\Program Files\Optimizer Pro deleted

C:\ProgramData\MySearch deleted

C:\Program Files\MySearch deleted

C:\Program Files\SearchProtect deleted

C:\Program Files\SO_Booster deleted

C:\ProgramData\save on deleted

C:\ProgramData\f4136af2338da4c5 deleted

C:\ProgramData\InstallMate deleted

C:\Users\HP\AppData\LocalLow\{F89494BF-C177-BEBD-1F2F-2702704E3625} deleted

C:\Users\HP\AppData\Roaming\temp.ini deleted

C:\PROGRA~2\Package Cache deleted

C:\Users\HP\AppData\Local\SearchProtect deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SkypEmoticons deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted

C:\Users\HP\Searches deleted

C:\Windows\system32\config\systemprofile\Searches deleted

C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\9anhn392.default\searchplugins\WebSearch.xml deleted

C:\Users\HP\Downloads\DE-OpenBlackHole PralineSIM1.0 SSL69-dm800 CrossEPG DynDNS Cron DEBHGUI-YellowAudioButtonFix.exe deleted

"C:\Windows\tasks\SO_Booster-S-5194249478.job" deleted

"C:\Windows\Installer\25262d.msi" deleted

"c:\programdata\teddy app\SO_Booster\SO_Booster.exe" deleted

"C:\Users\HP\AppData\Roaming\SkypEmoticons\Res.dll" deleted

"C:\Users\HP\AppData\Roaming\SkypEmoticons\SE.exe" deleted

"C:\ProgramData\Teddy App\SO_Booster\SO_Booster.exe" deleted

"C:\PROGRA~2\Teddy App\SO_Booster\SO_Booster.exe" deleted

"c:\programdata\teddy app\SO_Booster" not deleted

"C:\ProgramData\Teddy App" not deleted

"C:\Users\HP\AppData\Roaming\SkypEmoticons" deleted

"C:\PROGRA~2\Teddy App" not deleted

"C:\ProgramData\Teddy App\SO_Booster" not deleted

"C:\PROGRA~2\Teddy App\SO_Booster" not deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\HP\AppData\Local\Temp ====

====== Java Cache =====

====== C:\Windows\system32 =====

====== C:\Windows\system32\drivers =====

2014-06-11 16:02:11 DEE7EDA5AAA96C4C68A1F098F5145799 187840 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2014-06-11 16:02:11 5579DD18546999F5D0EC39D018726C6B 1294272 ----a-w- C:\Windows\System32\drivers\tcpip.sys

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

2014-07-06 17:57:03 -------- d-----w- C:\Program Files\Speccy

2014-07-04 16:33:42 -------- d-----w- C:\Program Files\Adblocker

2014-06-30 16:12:11 -------- d-----w- C:\Program Files\DogSettings

======= C: =====

====== C:\Users\HP\AppData\Roaming ======

2014-07-04 16:38:13 -------- d-----w- C:\Users\HP\AppData\Locallow\{A4856BF0-C338-D2A5-9EE2-1F76FBE2B4F7}

2014-07-04 16:33:42 -------- d-----w- C:\Users\HP\AppData\Locallow\{1EB61A8F-8C37-6C57-50C6-C2A3752666C1}

2014-07-04 16:33:15 -------- d-----w- C:\Users\HP\AppData\Local\Chromatic Browser

2014-07-04 16:33:14 -------- d-----w- C:\Users\HP\AppData\Local\Torch

2014-07-04 16:33:14 -------- d-----w- C:\Users\HomeGroupUser$\AppData\Local\Torch

2014-07-04 16:33:14 -------- d-----w- C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser

2014-07-04 16:33:14 -------- d-----w- C:\Users\Gast\AppData\Local\Chromatic Browser

2014-07-04 16:33:14 -------- d-----w- C:\Users\Administrator\AppData\Local\Chromatic Browser

2014-07-04 16:33:13 -------- d-----w- C:\Users\Gast\AppData\Local\Torch

2014-07-04 16:33:13 -------- d-----w- C:\Users\Administrator\AppData\Local\Torch

2014-07-04 16:33:12 -------- d-----w- C:\Users\HP\AppData\Local\Comodo

2014-07-04 16:33:12 -------- d-----w- C:\Users\HomeGroupUser$\AppData\Local\Comodo

2014-07-04 16:33:12 -------- d-----w- C:\Users\Gast\AppData\Local\Comodo

2014-07-04 16:33:11 -------- d-----w- C:\Users\Administrator\AppData\Local\Comodo

2014-07-04 16:33:10 -------- d-----w- C:\Users\HomeGroupUser$\AppData\Local\Google

2014-07-04 16:33:10 -------- d-----w- C:\Users\Gast\AppData\Local\Google

2014-07-04 16:33:10 -------- d-----w- C:\Users\Administrator\AppData\Local\Google

2014-06-20 20:26:58 -------- d-----w- C:\Users\HP\AppData\Local\Adobe

====== C:\Users\HP ======

2014-07-06 18:18:09 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\HP\Downloads\RSIT.exe

2014-07-06 17:54:24 6DC6EBDF9391271098C40F6BA7779430 4890736 ----a-w- C:\Users\HP\Downloads\spsetup126.exe

2014-07-04 16:34:51 -------- d-----w- C:\ProgramData\Teddy App

2014-07-04 16:33:43 -------- d-----w- C:\ProgramData\Adblocker

2014-07-04 16:33:17 02C1EE40968BAA67C3A785CDA9807125 262 --sha-r- C:\ProgramData\ntuser.pol

2014-07-04 16:33:10 -------- d-----w- C:\Users\HomeGroupUser$\AppData

2014-07-04 16:33:10 -------- d-----w- C:\Users\Gast\AppData

2014-07-04 16:33:10 -------- d-----w- C:\Users\Administrator\AppData

2014-07-02 16:53:47 3EC89C2DF6E89B0134EAC5FCB9C52101 213 ----a-w- C:\Users\HP\cline verandering.txt

2014-07-02 16:29:31 4162C80671E3D0F59BD93F5B23C49334 282 ----a-w- C:\Users\HP\cline.txt

2014-06-30 17:17:43 B30CD9E79C6081BA6B991F3C84F24B47 895120 ----a-w- C:\Users\HP\Downloads\ChromeSetup.exe

2014-06-30 16:12:13 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DogSettings

2014-06-30 15:03:45 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3

2014-06-30 14:58:52 F40C0618558059E63037D2DDEE8BB4ED 265752 ----a-w- C:\Users\HP\Downloads\Ninite Picasa Installer.exe

====== C: exe-files ==

2014-07-06 18:18:09 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\HP\Downloads\RSIT.exe

2014-07-06 17:54:24 6DC6EBDF9391271098C40F6BA7779430 4890736 ----a-w- C:\Users\HP\Downloads\spsetup126.exe

2014-06-30 17:17:43 B30CD9E79C6081BA6B991F3C84F24B47 895120 ----a-w- C:\Users\HP\Downloads\ChromeSetup.exe

2014-06-30 16:12:12 B22A7E588CAFF1D9057F96057976BE6D 178688 ----a-w- C:\Program Files\DogSettings\AutoUpdate.exe

2014-06-30 16:12:11 B82083BD10AFB1B7756F8B0BF3B93AC0 715038 ----a-w- C:\Program Files\DogSettings\unins000.exe

2014-06-30 16:12:11 043E73C46754DAAAF8D9C5FCAB155D35 2430976 ----a-w- C:\Program Files\DogSettings\DogSettings.exe

2014-06-30 15:04:01 2294324CC84BA6D4CE08355580723189 17312072 ---ha-w- C:\Program Files\Google\Picasa3\setup.exe

2014-06-30 15:03:45 FE5B5370AB6EA4C046331993C771B275 171378 ----a-w- C:\Program Files\Google\Picasa3\Uninstall.exe

2014-06-30 15:02:54 C1B577B2169900F4CF7190C39F085794 136120 ----a-w- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

2014-06-30 14:58:52 F40C0618558059E63037D2DDEE8BB4ED 265752 ----a-w- C:\Users\HP\Downloads\Ninite Picasa Installer.exe

=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"GarminExpressTrayApp"="C:\Program Files\Garmin\Express Tray\ExpressTray.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-4057013218-24429279-960758687-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"GarminExpressTrayApp"="C:\Program Files\Garmin\Express Tray\ExpressTray.exe"

"se"="C:\Users\HP\AppData\Roaming\SkypEmoticons\SE.exe /minimized "

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]

"GarminExpressTrayApp"="C:\Program Files\Garmin\Express Tray\ExpressTray.exe"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:Troubleshoot problems installing Service Pack 1 (SP1) for Windows 7 and Windows Server 2008 R2 - Windows Help /build:7601"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:Troubleshoot problems installing Service Pack 1 (SP1) for Windows 7 and Windows Server 2008 R2 - Windows Help /build:7601"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Monitor"="C:\Windows\PixArt\PAC207\Monitor.exe"

"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"GarminExpressTrayApp"="C:\Program Files\Garmin\Express Tray\ExpressTray.exe"

"se"="C:\Users\HP\AppData\Roaming\SkypEmoticons\SE.exe /minimized "

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Adobe ARM"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GarminExpressTrayApp]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="GarminExpressTrayApp"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\Garmin\\Express Tray\\ExpressTray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Skype"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SunJavaUpdateSched"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]

"AS2014"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]

"Adobe ARM"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [11-06-2014 14:31]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe []

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe []

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\Windows\system32\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe]

"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]

"C:\Windows\system32\tasks\GarminUpdaterTask" [C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe]

"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]

"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" [18-06-2014 09:51]

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]

"{e4f94d1e-2f53-401e-8885-681602c0ddd8}"="C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi" [04-04-2014 12:36]

==== Firefox Extensions ======================

ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\9anhn392.default

- Belgium eID - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be

- DoNotTrackMe: Online Privacy Protection - %ProfilePath%\extensions\donottrackplus@abine.com

ProfilePath: C:\Users\HP\AppData\Roaming\Thunderbird\Profiles\xlp493qy.default

- Instrument Test - %ProfilePath%\extensions\tbtestpilot@labs.mozilla.com.xpi

AppDir: C:\Program Files\Mozilla Firefox

- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\9anhn392.default

738C29EAC995029E13333034C1402F56 - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll - Shockwave Flash

B5269A90EB2C747C4802E2FE0527C5D2 - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa

14365399E83D7BC15760E8676E890C87 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat

14365399E83D7BC15760E8676E890C87 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat

01D93217A9EE48DD37072B671378CC9C - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll - Silverlight Plug-In

0CA4180B21C6B728578F3B0433BB740E - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin

5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin

ABCB4A6EAB701C629378255ABCB308E5 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U25

D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17

15E298B5EC5B89C5994A59863969D9FF - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System

28986F0A2342A033345EF9E70D395E4F - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrlui.dll - Microsoft® Silverlight

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

bopakagnckmlgajfccecajhnimjiiedh - No path found[]

lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[11-04-2014 19:46]

MySearch - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd

Win by Browsing - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd

save on - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc

MySearch - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd

Win by Browsing - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd

save on - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc

MySearch - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd

Win by Browsing - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd

save on - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc

MySearch - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd

Win by Browsing - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd

save on - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc

MySearch - Administrator\AppData\Local\Torch\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd

Win by Browsing - Administrator\AppData\Local\Torch\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd

save on - Administrator\AppData\Local\Torch\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc

MySearch - Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd

Win by Browsing - Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd

save on - Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc

MySearch - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd

Win by Browsing - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd

save on - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc

MySearch - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd

Win by Browsing - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd

save on - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc

MySearch - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd

Win by Browsing - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd

save on - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc

MySearch - Gast\AppData\Local\Torch\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd

Win by Browsing - Gast\AppData\Local\Torch\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd

save on - Gast\AppData\Local\Torch\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc

MySearch - HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd

Win by Browsing - HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd

save on - HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc

MySearch - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd

Win by Browsing - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd

save on - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc

MySearch - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd

Win by Browsing - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd

save on - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc

MySearch - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd

Win by Browsing - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd

save on - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc

MySearch - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd

Win by Browsing - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd

save on - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc

MySearch - HP\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd

Win by Browsing - HP\AppData\Local\Chromatic Browser\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd

save on - HP\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc

MySearch - HP\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd

Win by Browsing - HP\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd

save on - HP\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc

MySearch - HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd

Vertalen.nu - HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\giapagjeblcapfphboclikepoeelhgkj

Win by Browsing - HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd

save on - HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc

Google Wallet - HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

MySearch - HP\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd

Win by Browsing - HP\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd

save on - HP\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc

MySearch - HP\AppData\Local\Torch\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd

Win by Browsing - HP\AppData\Local\Torch\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd

save on - HP\AppData\Local\Torch\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc

==== Chrome Fix ======================

C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.fastsearchings.info_0.localstorage deleted successfully

C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.fastsearchings.info_0.localstorage-journal deleted successfully

C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd deleted successfully

C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd deleted successfully

C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd deleted successfully

C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd deleted successfully

C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd deleted successfully

C:\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd deleted successfully

C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd deleted successfully

C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd deleted successfully

C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd deleted successfully

C:\Users\Gast\AppData\Local\Torch\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd deleted successfully

C:\Users\HP\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd deleted successfully

C:\Users\HP\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd deleted successfully

C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd deleted successfully

C:\Users\HP\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd deleted successfully

C:\Users\HP\AppData\Local\Torch\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd deleted successfully

C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ajgdplefgmappfailfncnidngmdcdomd_0.localstorage deleted successfully

C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ajgdplefgmappfailfncnidngmdcdomd_0.localstorage-journal deleted successfully

C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd deleted successfully

C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd deleted successfully

C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd deleted successfully

C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd deleted successfully

C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd deleted successfully

C:\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd deleted successfully

C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd deleted successfully

C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd deleted successfully

C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd deleted successfully

C:\Users\Gast\AppData\Local\Torch\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd deleted successfully

C:\Users\HP\AppData\Local\Chromatic Browser\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd deleted successfully

C:\Users\HP\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd deleted successfully

C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd deleted successfully

C:\Users\HP\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd deleted successfully

C:\Users\HP\AppData\Local\Torch\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd deleted successfully

C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_idfnpgjblkahngbondojabhffkkdekbd_0.localstorage deleted successfully

C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_idfnpgjblkahngbondojabhffkkdekbd_0.localstorage-journal deleted successfully

C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc deleted successfully

C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc deleted successfully

C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc deleted successfully

C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc deleted successfully

C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc deleted successfully

C:\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc deleted successfully

C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc deleted successfully

C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc deleted successfully

C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc deleted successfully

C:\Users\Gast\AppData\Local\Torch\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc deleted successfully

C:\Users\HP\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc deleted successfully

C:\Users\HP\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc deleted successfully

C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc deleted successfully

C:\Users\HP\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc deleted successfully

C:\Users\HP\AppData\Local\Torch\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc deleted successfully

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://search.gboxapp.com/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://search.gboxapp.com/"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}] not found

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F60730A4A66673047777F5728467D401 deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\1d30935c-1960-4183-86b4-8e7666e9d99d deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SkypEmoticons_is1 deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{993EA8F6-6E55-7E4E-39DE-5796E3226DB9} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401 deleted successfully

==== Empty IE Cache ======================

C:\Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\HP\AppData\Local\Mozilla\Firefox\Profiles\9anhn392.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=495 folders=194 97983263 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\HP\AppData\Local\Temp will be emptied at reboot

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\HP\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"c:\programdata\teddy app\SO_Booster" not found

"C:\ProgramData\Teddy App" not found

"C:\PROGRA~2\Teddy App" not found

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not found

==== EOF on ma 07-07-2014 at 8:34:07.02 ======================

Is this the file you need? I have removed Malwarebytes; is that virus scanner from Microsoft Essentials enough?


Zoek.exe v5.0.0.0 Updated 05-July-2014

Tool run by HP on ma 07-07-2014 at 7:21:17.99.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\HP\Downloads\zoek.exe [scan all users] [script inserted] [Checkboxes used]

==== System Restore Info ======================

7-7-2014 7:30:03 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-4057013218-24429279-960758687-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F89494BF-C177-BEBD-1F2F-2702704E3625} deleted successfully

HKEY_CLASSES_ROOT\CLSID\{F89494BF-C177-BEBD-1F2F-2702704E3625} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F89494BF-C177-BEBD-1F2F-2702704E3625} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CltMngSvc deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\CltMngSvc deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\9anhn392.default

user.js not found

---- Lines WebSearch removed from prefs.js ----

user_pref("browser.search.defaultenginename,S", "WebSearch");

user_pref("browser.search.defaulturl", "http://websearch.fastsearchings.info/?pid=377&r=2014/07/04&hid=15782698513346681117&lg=EN&cc=BE&unqvl=56&l=1&q

user_pref("browser.search.order.1", "WebSearch");

user_pref("browser.search.order.1,S", "WebSearch");

user_pref("browser.search.selectedEngine,S", "WebSearch");

user_pref("keyword.URL", "http://websearch.fastsearchings.info/?pid=377&r=2014/07/04&hid=15782698513346681117&lg=EN&cc=BE&unqvl=56&l=1&q=");

---- Lines trovi removed from prefs.js ----

user_pref("browser.newtab.url", "http://www.trovi.com/?gd=&ctid=CT3324756&octid=EB_ORIGINAL_CTID&ISID=M9F30BB9F-591B-442D-A773-F8DC17489141&SearchSour

user_pref("browser.search.defaultenginename", "Trovi search");

user_pref("browser.search.selectedEngine", "Trovi search");

---- Lines a39ed7c16185d4f88b976666d4928ba01fe4550c17a4f4a62ad1c45e0afdf81a4com48559 removed from prefs.js ----

user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"private

user_pref("extensions.a39ed7c16185d4f88b976666d4928ba01fe4550c17a4f4a62ad1c45e0afdf81a4com48559.48559.a39ed7c16185d4f88b976666d4928ba01fe4550c17a4f4a6

user_pref("extensions.a39ed7c16185d4f88b976666d4928ba01fe4550c17a4f4a62ad1c45e0afdf81a4com48559.48559.a39ed7c16185d4f88b976666d4928ba01fe4550c17a4f4a6

user_pref("extensions.a39ed7c16185d4f88b976666d4928ba01fe4550c17a4f4a62ad1c45e0afdf81a4com48559.48559.active", true);

user_pref("extensions.a39ed7c16185d4f88b976666d4928ba01fe4550c17a4f4a62ad1c45e0afdf81a4com48559.48559.addressbar", "NA");

user_pref("extensions.a39ed7c16185d4f88b976666d4928ba01fe4550c17a4f4a62ad1c45e0afdf81a4com48559.48559.addressbarenhanced", "");

user_pref("extensions.a39ed7c16185d4f88b976666d4928ba01fe4550c17a4f4a62ad1c45e0afdf81a4com48559.48559.asyncdb.was_copied", "true");

user_pref("extensions.a39ed7c16185d4f88b976666d4928ba01fe4550c17a4f4a62ad1c45e0afdf81a4com48559.48559.asyncdb_dbWasSet", true);

user_pref("extensions.a39ed7c16185d4f88b976666d4928ba01fe4550c17a4f4a62ad1c45e0afdf81a4com48559.48559.asyncdb_dbWasSet_FF25_FIX", true);

user_pref("extensions.a39ed7c16185d4f88b976666d4928ba01fe4550c17a4f4a62ad1c45e0afdf81a4com48559.48559.asyncinternaldb.was_copied", "true");

user_pref("extensions.a39ed7c16185d4f88b976666d4928ba01fe4550c17a4f4a62ad1c45e0afdf81a4com48559.48559.asyncinternaldb_dbWasSet", true);

user_pref("extensions.a39ed7c16185d4f88b976666d4928ba01fe4550c17a4f4a62ad1c45e0afdf81a4com48559.48559.asyncinternaldb_dbWasSet_FF25_FIX", true);

user_pref("extensions.a39ed7c16185d4f88b976666d4928ba01fe4550c17a4f4a62ad1c45e0afdf81a4com48559.48559.backgroundver", 16);

user_pref("extensions.a39ed7c16185d4f88b976666d4928ba01fe4550c17a4f4a62ad1c45e0afdf81a4com48559.48559.certdomaininstaller", "");

user_pref("extensions.a39ed7c16185d4f88b976666d4928ba01fe4550c17a4f4a62ad1c45e0afdf81a4com48559.48559.changeprevious", false);

user_pref("extensions.a39ed7c16185d4f88b976666d4928ba01fe4550c17a4f4a62ad1c45e0afdf81a4com48559.48559.cookie.InstallationTime.expiration", "Fri Feb 01

user_pref("extensions.a39ed7c16185d4f88b976666d4928ba01fe4550c17a4f4a62ad1c45e0afdf81a4com48559.48559.cookie.InstallationTime.value", "%221398837702%2

user_pref("extensions.a39ed7c16185d4f88b976666d4928ba01fe4550c17a4f4a62ad1c45e0afdf81a4com48559.48559.cookie.InstallerParams.expiration", "Fri Feb 01

user_pref("extensions.a39ed7c16185d4f88b976666d4928ba01fe4550c17a4f4a62ad1c45e0afdf81a4com48559.48559.cookie.InstallerParams.value", "%7B%22source_id%

user_pref("extensions.a39ed7c16185d4f88b976666d4928ba01fe4550c17a4f4a62ad1c45e0afdf81a4com48559.48559.description", "Apps Hat is the cool new Android

user_pref("extensions.a39ed7c16185d4f88b976666d4928ba01fe4550c17a4f4a62ad1c45e0afdf81a4com48559.48559.domain", "");

user_pref("extensions.a39ed7c16185d4f88b976666d4928ba01fe4550c17a4f4a62ad1c45e0afdf81a4com48559.48559.enablesearch", false);

user_pref("extensions.a39ed7c16185d4f88b976666d4928ba01fe4550c17a4f4a62ad1c45e0afdf81a4com48559.48559.homepage", "");

user_pref("extensions.a39ed7c16185d4f88b976666d4928ba01fe4550c17a4f4a62ad1c45e0afdf81a4com48559.48559.iframe", true);

user_pref("extensions.a39ed7c16185d4f88b976666d4928ba01fe4550c17a4f4a62ad1c45e0afdf81a4com48559.48559.InstallationThankYouPage", true);

user_pref("extensions.a39ed7c16185d4f88b976666d4928ba01fe4550c17a4f4a62ad1c45e0afdf81a4com48559.48559.InstallationTime", 1398837702);

user_pref("extensions.a39ed7c16185d4f88b976666d4928ba01fe4550c17a4f4a62ad1c45e0afdf81a4com48559.48559.internaldb.__defualt_browser__.expiration", "Fri

user_pref("extensions.a39ed7c16185d4f88b976666d4928ba01fe4550c17a4f4a62ad1c45e0afdf81a4com48559.48559.internaldb.__defualt_browser__.value", "%22ff%22

user_pref("extensions.a39ed7c16185d4f88b976666d4928ba01fe4550c17a4f4a62ad1c45e0afdf81a4com48559.48559.internaldb.installer.expiration", "Fri Feb 01 20

user_pref("extensions.a39ed7c16185d4f88b976666d4928ba01fe4550c17a4f4a62ad1c45e0afdf81a4com48559.48559.internaldb.installer.value", "%7B%22InstallerIde

user_pref("extensions.a39ed7c16185d4f88b976666d4928ba01fe4550c17a4f4a62ad1c45e0afdf81a4com48559.48559.internaldb.InstallerIdentifiers.expiration", "Fr

user_pref("extensions.a39ed7c16185d4f88b976666d4928ba01fe4550c17a4f4a62ad1c45e0afdf81a4com48559.48559.internaldb.InstallerIdentifiers.value", "%7B%22i

user_pref("extensions.a39ed7c16185d4f88b976666d4928ba01fe4550c17a4f4a62ad1c45e0afdf81a4com48559.48559.internaldb.InstallerParams.expiration", "Fri Feb

user_pref("extensions.a39ed7c16185d4f88b976666d4928ba01fe4550c17a4f4a62ad1c45e0afdf81a4com48559.48559.internaldb.InstallerParams.value", "%7B%22source

user_pref("extensions.a39ed7c16185d4f88b976666d4928ba01fe4550c17a4f4a62ad1c45e0afdf81a4com48559.48559.internaldb.InstallerParamsCache.expiration", "Fr

user_pref("extensions.a39ed7c16185d4f88b976666d4928ba01fe4550c17a4f4a62ad1c45e0afdf81a4com48559.48559.internaldb.InstallerParamsCache.value", "%7B%22s

user_pref("extensions.a39ed7c16185d4f88b976666d4928ba01fe4550c17a4f4a62ad1c45e0afdf81a4com48559.48559.internaldb.InstallerUserIdentifiersCache.expirat

---- Lines extensions.Kg1KnH55Cti removed from prefs.js ----

user_pref("extensions.Kg1KnH55Cti.epoch", "1404749322");

user_pref("extensions.Kg1KnH55Cti.url", "http://centergoodfind.info/sync2/?q=hfZ9ofDSBShEAen0rHC6tMqLDe49CNU0nUkMCMlNhd9Fqda6rdnFqTr6rHaMBzqUojw9rdCEq

---- Lines extensions.hXjfFaf removed from prefs.js ----

user_pref("extensions.hXjfFaf.epoch", "1404749323");

user_pref("extensions.hXjfFaf.url", "http://terminalukusaa.us/sync2/?q=hfZ9ofq7B75MCyVUojr6qGhTB6lKDzt4oktxtNtVh7n0rjnEqHa9rjgHrTr6tMFHhd9Fqda6rdgFqTa

---- Lines extensions.i9DLi removed from prefs.js ----

user_pref("extensions.i9DLi.epoch", "1404749321");

user_pref("extensions.i9DLi.url", "http://syncjpi.info/sync2/?q=hfZ9ofV9CShEAen0rHC6tMqLDe49CNU0nUkMCMlNhd9Fqda6rdnFqTrHrdYMBzqUojw9rdCEqTw7rdC8qSh7hf

---- FireFox user.js and prefs.js backups ----

prefs_07-07-2014_0810_.backup

ProfilePath: C:\Users\HP\AppData\Roaming\Thunderbird\Profiles\xlp493qy.default

user.js not found

---- FireFox user.js and prefs.js backups ----

prefs_07-07-2014_0810_.backup

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F89494BF-C177-BEBD-1F2F-2702704E3625}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=-

==== Deleting Files \ Folders ======================

C:\Program Files\save on deleted

C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\9anhn392.default\extensions\uaoi.7iiee@uiuaiuiz.org deleted

C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\9anhn392.default\extensions\ufadrzow@o-uueslg.net deleted

C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\9anhn392.default\extensions\icr-eia@iouyoquki.com deleted

C:\Program Files\Optimizer Pro deleted

C:\ProgramData\MySearch deleted

C:\Program Files\MySearch deleted

C:\Program Files\SearchProtect deleted

C:\Program Files\SO_Booster deleted

C:\ProgramData\save on deleted

C:\ProgramData\f4136af2338da4c5 deleted

C:\ProgramData\InstallMate deleted

C:\Users\HP\AppData\LocalLow\{F89494BF-C177-BEBD-1F2F-2702704E3625} deleted

C:\Users\HP\AppData\Roaming\temp.ini deleted

C:\PROGRA~2\Package Cache deleted

C:\Users\HP\AppData\Local\SearchProtect deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SkypEmoticons deleted

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk deleted

C:\Users\HP\Searches deleted

C:\Windows\system32\config\systemprofile\Searches deleted

C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\9anhn392.default\searchplugins\WebSearch.xml deleted

C:\Users\HP\Downloads\DE-OpenBlackHole PralineSIM1.0 SSL69-dm800 CrossEPG DynDNS Cron DEBHGUI-YellowAudioButtonFix.exe deleted

"C:\Windows\tasks\SO_Booster-S-5194249478.job" deleted

"C:\Windows\Installer\25262d.msi" deleted

"c:\programdata\teddy app\SO_Booster\SO_Booster.exe" deleted

"C:\Users\HP\AppData\Roaming\SkypEmoticons\Res.dll" deleted

"C:\Users\HP\AppData\Roaming\SkypEmoticons\SE.exe" deleted

"C:\ProgramData\Teddy App\SO_Booster\SO_Booster.exe" deleted

"C:\PROGRA~2\Teddy App\SO_Booster\SO_Booster.exe" deleted

"c:\programdata\teddy app\SO_Booster" not deleted

"C:\ProgramData\Teddy App" not deleted

"C:\Users\HP\AppData\Roaming\SkypEmoticons" deleted

"C:\PROGRA~2\Teddy App" not deleted

"C:\ProgramData\Teddy App\SO_Booster" not deleted

"C:\PROGRA~2\Teddy App\SO_Booster" not deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\HP\AppData\Local\Temp ====

====== Java Cache =====

====== C:\Windows\system32 =====

====== C:\Windows\system32\drivers =====

2014-06-11 16:02:11 DEE7EDA5AAA96C4C68A1F098F5145799 187840 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2014-06-11 16:02:11 5579DD18546999F5D0EC39D018726C6B 1294272 ----a-w- C:\Windows\System32\drivers\tcpip.sys

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

2014-07-06 17:57:03 -------- d-----w- C:\Program Files\Speccy

2014-07-04 16:33:42 -------- d-----w- C:\Program Files\Adblocker

2014-06-30 16:12:11 -------- d-----w- C:\Program Files\DogSettings

======= C: =====

====== C:\Users\HP\AppData\Roaming ======

2014-07-04 16:38:13 -------- d-----w- C:\Users\HP\AppData\Locallow\{A4856BF0-C338-D2A5-9EE2-1F76FBE2B4F7}

2014-07-04 16:33:42 -------- d-----w- C:\Users\HP\AppData\Locallow\{1EB61A8F-8C37-6C57-50C6-C2A3752666C1}

2014-07-04 16:33:15 -------- d-----w- C:\Users\HP\AppData\Local\Chromatic Browser

2014-07-04 16:33:14 -------- d-----w- C:\Users\HP\AppData\Local\Torch

2014-07-04 16:33:14 -------- d-----w- C:\Users\HomeGroupUser$\AppData\Local\Torch

2014-07-04 16:33:14 -------- d-----w- C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser

2014-07-04 16:33:14 -------- d-----w- C:\Users\Gast\AppData\Local\Chromatic Browser

2014-07-04 16:33:14 -------- d-----w- C:\Users\Administrator\AppData\Local\Chromatic Browser

2014-07-04 16:33:13 -------- d-----w- C:\Users\Gast\AppData\Local\Torch

2014-07-04 16:33:13 -------- d-----w- C:\Users\Administrator\AppData\Local\Torch

2014-07-04 16:33:12 -------- d-----w- C:\Users\HP\AppData\Local\Comodo

2014-07-04 16:33:12 -------- d-----w- C:\Users\HomeGroupUser$\AppData\Local\Comodo

2014-07-04 16:33:12 -------- d-----w- C:\Users\Gast\AppData\Local\Comodo

2014-07-04 16:33:11 -------- d-----w- C:\Users\Administrator\AppData\Local\Comodo

2014-07-04 16:33:10 -------- d-----w- C:\Users\HomeGroupUser$\AppData\Local\Google

2014-07-04 16:33:10 -------- d-----w- C:\Users\Gast\AppData\Local\Google

2014-07-04 16:33:10 -------- d-----w- C:\Users\Administrator\AppData\Local\Google

2014-06-20 20:26:58 -------- d-----w- C:\Users\HP\AppData\Local\Adobe

====== C:\Users\HP ======

2014-07-06 18:18:09 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\HP\Downloads\RSIT.exe

2014-07-06 17:54:24 6DC6EBDF9391271098C40F6BA7779430 4890736 ----a-w- C:\Users\HP\Downloads\spsetup126.exe

2014-07-04 16:34:51 -------- d-----w- C:\ProgramData\Teddy App

2014-07-04 16:33:43 -------- d-----w- C:\ProgramData\Adblocker

2014-07-04 16:33:17 02C1EE40968BAA67C3A785CDA9807125 262 --sha-r- C:\ProgramData\ntuser.pol

2014-07-04 16:33:10 -------- d-----w- C:\Users\HomeGroupUser$\AppData

2014-07-04 16:33:10 -------- d-----w- C:\Users\Gast\AppData

2014-07-04 16:33:10 -------- d-----w- C:\Users\Administrator\AppData

2014-07-02 16:53:47 3EC89C2DF6E89B0134EAC5FCB9C52101 213 ----a-w- C:\Users\HP\cline verandering.txt

2014-07-02 16:29:31 4162C80671E3D0F59BD93F5B23C49334 282 ----a-w- C:\Users\HP\cline.txt

2014-06-30 17:17:43 B30CD9E79C6081BA6B991F3C84F24B47 895120 ----a-w- C:\Users\HP\Downloads\ChromeSetup.exe

2014-06-30 16:12:13 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DogSettings

2014-06-30 15:03:45 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3

2014-06-30 14:58:52 F40C0618558059E63037D2DDEE8BB4ED 265752 ----a-w- C:\Users\HP\Downloads\Ninite Picasa Installer.exe

====== C: exe-files ==

2014-07-06 18:18:09 8685FAF50C04F9A9C2F56FF64B0B7ACB 1107968 ----a-w- C:\Users\HP\Downloads\RSIT.exe

2014-07-06 17:54:24 6DC6EBDF9391271098C40F6BA7779430 4890736 ----a-w- C:\Users\HP\Downloads\spsetup126.exe

2014-06-30 17:17:43 B30CD9E79C6081BA6B991F3C84F24B47 895120 ----a-w- C:\Users\HP\Downloads\ChromeSetup.exe

2014-06-30 16:12:12 B22A7E588CAFF1D9057F96057976BE6D 178688 ----a-w- C:\Program Files\DogSettings\AutoUpdate.exe

2014-06-30 16:12:11 B82083BD10AFB1B7756F8B0BF3B93AC0 715038 ----a-w- C:\Program Files\DogSettings\unins000.exe

2014-06-30 16:12:11 043E73C46754DAAAF8D9C5FCAB155D35 2430976 ----a-w- C:\Program Files\DogSettings\DogSettings.exe

2014-06-30 15:04:01 2294324CC84BA6D4CE08355580723189 17312072 ---ha-w- C:\Program Files\Google\Picasa3\setup.exe

2014-06-30 15:03:45 FE5B5370AB6EA4C046331993C771B275 171378 ----a-w- C:\Program Files\Google\Picasa3\Uninstall.exe

2014-06-30 15:02:54 C1B577B2169900F4CF7190C39F085794 136120 ----a-w- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

2014-06-30 14:58:52 F40C0618558059E63037D2DDEE8BB4ED 265752 ----a-w- C:\Users\HP\Downloads\Ninite Picasa Installer.exe

=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"GarminExpressTrayApp"="C:\Program Files\Garmin\Express Tray\ExpressTray.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-4057013218-24429279-960758687-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"GarminExpressTrayApp"="C:\Program Files\Garmin\Express Tray\ExpressTray.exe"

"se"="C:\Users\HP\AppData\Roaming\SkypEmoticons\SE.exe /minimized "

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]

"GarminExpressTrayApp"="C:\Program Files\Garmin\Express Tray\ExpressTray.exe"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:Troubleshoot problems installing Service Pack 1 (SP1) for Windows 7 and Windows Server 2008 R2 - Windows Help /build:7601"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"SPReview"="C:\Windows\System32\SPReview\SPReview.exe /sp:1 /errorfwlink:Troubleshoot problems installing Service Pack 1 (SP1) for Windows 7 and Windows Server 2008 R2 - Windows Help /build:7601"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Monitor"="C:\Windows\PixArt\PAC207\Monitor.exe"

"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"GarminExpressTrayApp"="C:\Program Files\Garmin\Express Tray\ExpressTray.exe"

"se"="C:\Users\HP\AppData\Roaming\SkypEmoticons\SE.exe /minimized "

==== Startup Registry Disabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Adobe ARM"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GarminExpressTrayApp]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="GarminExpressTrayApp"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\Garmin\\Express Tray\\ExpressTray.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Skype"

"hkey"="HKCU"

"command"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /minimized /regrun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="SunJavaUpdateSched"

"hkey"="HKLM"

"command"="\"C:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe\""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]

"AS2014"=""

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]

"Adobe ARM"="\"C:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [11-06-2014 14:31]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe []

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe []

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\Windows\system32\tasks\Adobe-online actualiseringsprogramma" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe]

"C:\Windows\system32\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]

"C:\Windows\system32\tasks\GarminUpdaterTask" [C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe]

"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]

"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" [18-06-2014 09:51]

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]

"{e4f94d1e-2f53-401e-8885-681602c0ddd8}"="C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi" [04-04-2014 12:36]

==== Firefox Extensions ======================

ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\9anhn392.default

- Belgium eID - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be

- DoNotTrackMe: Online Privacy Protection - %ProfilePath%\extensions\donottrackplus@abine.com

ProfilePath: C:\Users\HP\AppData\Roaming\Thunderbird\Profiles\xlp493qy.default

- Instrument Test - %ProfilePath%\extensions\tbtestpilot@labs.mozilla.com.xpi

AppDir: C:\Program Files\Mozilla Firefox

- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\9anhn392.default

738C29EAC995029E13333034C1402F56 - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll - Shockwave Flash

B5269A90EB2C747C4802E2FE0527C5D2 - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa

14365399E83D7BC15760E8676E890C87 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat

14365399E83D7BC15760E8676E890C87 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat

01D93217A9EE48DD37072B671378CC9C - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll - Silverlight Plug-In

0CA4180B21C6B728578F3B0433BB740E - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin

5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin

ABCB4A6EAB701C629378255ABCB308E5 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U25

D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17

15E298B5EC5B89C5994A59863969D9FF - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System

28986F0A2342A033345EF9E70D395E4F - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrlui.dll - Microsoft® Silverlight

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

bopakagnckmlgajfccecajhnimjiiedh - No path found[]

lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[11-04-2014 19:46]

MySearch - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd

Win by Browsing - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd

save on - Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc

MySearch - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd

Win by Browsing - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd

save on - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc

MySearch - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd

Win by Browsing - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd

save on - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc

MySearch - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd

Win by Browsing - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd

save on - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc

MySearch - Administrator\AppData\Local\Torch\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd

Win by Browsing - Administrator\AppData\Local\Torch\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd

save on - Administrator\AppData\Local\Torch\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc

MySearch - Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd

Win by Browsing - Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd

save on - Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc

MySearch - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd

Win by Browsing - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd

save on - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc

MySearch - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd

Win by Browsing - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd

save on - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc

MySearch - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd

Win by Browsing - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd

save on - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc

MySearch - Gast\AppData\Local\Torch\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd

Win by Browsing - Gast\AppData\Local\Torch\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd

save on - Gast\AppData\Local\Torch\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc

MySearch - HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd

Win by Browsing - HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd

save on - HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc

MySearch - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd

Win by Browsing - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd

save on - HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc

MySearch - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd

Win by Browsing - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd

save on - HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc

MySearch - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd

Win by Browsing - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd

save on - HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc

MySearch - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd

Win by Browsing - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd

save on - HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc

MySearch - HP\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd

Win by Browsing - HP\AppData\Local\Chromatic Browser\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd

save on - HP\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc

MySearch - HP\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd

Win by Browsing - HP\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd

save on - HP\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc

MySearch - HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd

Vertalen.nu - HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\giapagjeblcapfphboclikepoeelhgkj

Win by Browsing - HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd

save on - HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc

Google Wallet - HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

MySearch - HP\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd

Win by Browsing - HP\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd

save on - HP\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc

MySearch - HP\AppData\Local\Torch\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd

Win by Browsing - HP\AppData\Local\Torch\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd

save on - HP\AppData\Local\Torch\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc

==== Chrome Fix ======================

C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.fastsearchings.info_0.localstorage deleted successfully

C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_websearch.fastsearchings.info_0.localstorage-journal deleted successfully

C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd deleted successfully

C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd deleted successfully

C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd deleted successfully

C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd deleted successfully

C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd deleted successfully

C:\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd deleted successfully

C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd deleted successfully

C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd deleted successfully

C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd deleted successfully

C:\Users\Gast\AppData\Local\Torch\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd deleted successfully

C:\Users\HP\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd deleted successfully

C:\Users\HP\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd deleted successfully

C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd deleted successfully

C:\Users\HP\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd deleted successfully

C:\Users\HP\AppData\Local\Torch\User Data\Default\Extensions\ajgdplefgmappfailfncnidngmdcdomd deleted successfully

C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ajgdplefgmappfailfncnidngmdcdomd_0.localstorage deleted successfully

C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ajgdplefgmappfailfncnidngmdcdomd_0.localstorage-journal deleted successfully

C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd deleted successfully

C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd deleted successfully

C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd deleted successfully

C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd deleted successfully

C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd deleted successfully

C:\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd deleted successfully

C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd deleted successfully

C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd deleted successfully

C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd deleted successfully

C:\Users\Gast\AppData\Local\Torch\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd deleted successfully

C:\Users\HP\AppData\Local\Chromatic Browser\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd deleted successfully

C:\Users\HP\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd deleted successfully

C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd deleted successfully

C:\Users\HP\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd deleted successfully

C:\Users\HP\AppData\Local\Torch\User Data\Default\Extensions\idfnpgjblkahngbondojabhffkkdekbd deleted successfully

C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_idfnpgjblkahngbondojabhffkkdekbd_0.localstorage deleted successfully

C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_idfnpgjblkahngbondojabhffkkdekbd_0.localstorage-journal deleted successfully

C:\Users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc deleted successfully

C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc deleted successfully

C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc deleted successfully

C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc deleted successfully

C:\Users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc deleted successfully

C:\Users\Gast\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc deleted successfully

C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc deleted successfully

C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc deleted successfully

C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc deleted successfully

C:\Users\Gast\AppData\Local\Torch\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc deleted successfully

C:\Users\HomeGroupUser$\AppData\Local\Torch\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc deleted successfully

C:\Users\HP\AppData\Local\Chromatic Browser\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc deleted successfully

C:\Users\HP\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc deleted successfully

C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc deleted successfully

C:\Users\HP\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc deleted successfully

C:\Users\HP\AppData\Local\Torch\User Data\Default\Extensions\ldefbknceohohkaphanmboancelakfpc deleted successfully

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://search.gboxapp.com/"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://search.gboxapp.com/"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}] not found

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F60730A4A66673047777F5728467D401 deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\1d30935c-1960-4183-86b4-8e7666e9d99d deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SkypEmoticons_is1 deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10} deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect deleted successfully

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{993EA8F6-6E55-7E4E-39DE-5796E3226DB9} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F60730A4A66673047777F5728467D401 deleted successfully

==== Empty IE Cache ======================

C:\Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\HP\AppData\Local\Mozilla\Firefox\Profiles\9anhn392.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=495 folders=194 97983263 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\HP\AppData\Local\Temp will be emptied at reboot

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\HP\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"c:\programdata\teddy app\SO_Booster" not found

"C:\ProgramData\Teddy App" not found

"C:\PROGRA~2\Teddy App" not found

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not found

==== EOF on ma 07-07-2014 at 8:34:07.02 ======================

==== After Reboot ======================

==== EOF on ma 07-07-2014 at 8:48:54.22 ======================

Or is this it?

I'm just a layman when it comes to PCs.


Oops ... what a pile of junk got removed from the PC.

But we're not quite there yet. Please do the following now:

Double-click Zoek.exe to start the tool.

  • Windows Vista, 7 and 8 users must run the tool as "administrator" by right-clicking it and choosing Run as administrator.
  • Now copy the code below and paste it into the large input box:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

 
C:\Users\HP\AppData\Locallow\{A4856BF0-C338-D2A5-9EE2-1F76FBE2B4F7};fs
C:\Users\HP\AppData\Locallow\{1EB61A8F-8C37-6C57-50C6-C2A3752666C1};fs
C:\Users\HP\AppData\Local\Chromatic Browser;fs
C:\Users\HP\AppData\Local\Torch;fs
C:\Users\HomeGroupUser$\AppData\Local\Torch;fs
C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser;fs
C:\Users\Gast\AppData\Local\Chromatic Browser;fs
C:\Users\Administrator\AppData\Local\Chromatic Browser;fs
C:\Users\Gast\AppData\Local\Torch;fs
C:\Users\Administrator\AppData\Local\Torch;fs
CHRdefaults;
autoclean;

  • The "Scan All Users" option is checked by default.
  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart, if one is required).
  • If no log appears, start zoek.exe again and click the zoek-results.log button; the log will then appear.
  • Post the opened log as an attachment in your next post.

Posting the Zoek.exe log file

  • Add the log file named "Zoek-results.log" as an attachment to your next post. (You can also find this log file on the system drive as C:\Zoek-results.log.)
  • You can read here how to add an attachment to a post.


Zoek.exe v5.0.0.0 Updated 05-July-2014

Tool run by HP on di 08-07-2014 at 9:54:11.96.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x86

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\HP\Downloads\zoek.exe [scan all users] [script inserted]

==== Older Logs ======================

C:\zoek-results2014-07-07-064854.log 50472 bytes

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\Users\HP\AppData\Locallow\{A4856BF0-C338-D2A5-9EE2-1F76FBE2B4F7} deleted

C:\Users\HP\AppData\Locallow\{1EB61A8F-8C37-6C57-50C6-C2A3752666C1} deleted

C:\Users\HP\AppData\Local\Chromatic Browser deleted

C:\Users\HP\AppData\Local\Torch deleted

C:\Users\HomeGroupUser$\AppData\Local\Torch deleted

C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser deleted

C:\Users\Gast\AppData\Local\Chromatic Browser deleted

C:\Users\Administrator\AppData\Local\Chromatic Browser deleted

C:\Users\Gast\AppData\Local\Torch deleted

C:\Users\Administrator\AppData\Local\Torch deleted

C:\Users\HP\Searches deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"belgiumeid@eid.belgium.be"="C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be" [18-06-2014 09:51]

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]

"{e4f94d1e-2f53-401e-8885-681602c0ddd8}"="C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi" [04-04-2014 12:36]

==== Firefox Extensions ======================

ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\9anhn392.default

- Belgium eID - C:\Program Files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be

- DoNotTrackMe: Online Privacy Protection - %ProfilePath%\extensions\donottrackplus@abine.com

ProfilePath: C:\Users\HP\AppData\Roaming\Thunderbird\Profiles\xlp493qy.default

- Instrument Test - %ProfilePath%\extensions\tbtestpilot@labs.mozilla.com.xpi

AppDir: C:\Program Files\Mozilla Firefox

- Belgium eID - %AppDir%\extensions\belgiumeid@eid.belgium.be

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\9anhn392.default

738C29EAC995029E13333034C1402F56 - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll - Shockwave Flash

B5269A90EB2C747C4802E2FE0527C5D2 - C:\Program Files\Google\Picasa3\npPicasa3.dll - Picasa

14365399E83D7BC15760E8676E890C87 - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll - Adobe Acrobat

14365399E83D7BC15760E8676E890C87 - C:\Program Files\Adobe\Reader 11.0\Reader\browser\nppdf32.dll - Adobe Acrobat

01D93217A9EE48DD37072B671378CC9C - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll - Silverlight Plug-In

0CA4180B21C6B728578F3B0433BB740E - C:\Program Files\VideoLAN\VLC\npvlc.dll - VLC Web Plugin

5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin

ABCB4A6EAB701C629378255ABCB308E5 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U25

D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\system32\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17

15E298B5EC5B89C5994A59863969D9FF - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System

28986F0A2342A033345EF9E70D395E4F - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrlui.dll - Microsoft® Silverlight

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[11-04-2014 19:46]

Vertalen.nu - HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\giapagjeblcapfphboclikepoeelhgkj

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Empty IE Cache ======================

C:\Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\HP\AppData\Local\Mozilla\Firefox\Profiles\9anhn392.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=496 folders=231 97984290 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\HP\AppData\Local\Temp will be emptied at reboot

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\HP\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" deleted

==== EOF on di 08-07-2014 at 10:30:12.25 ======================
